nixos/acme: ensure web servers using certs can access them

1 files changed, 6 insertions, 6 deletions

diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index 0dd7743c52b..2dd06a50f40 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -54,15 +54,15 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let
     baseConfig = { nodes, config, specialConfig ? {} }: lib.mkMerge [
       {
         security.acme = {
-          defaults = (dnsConfig nodes) // {
-            inherit group;
-          };
+          defaults = (dnsConfig nodes);
           # One manual wildcard cert
           certs."example.test" = {
             domain = "*.example.test";
           };
         };
 
+        users.users."${config.services."${server}".user}".extraGroups = ["acme"];
+
         services."${server}" = {
           enable = true;
           virtualHosts = {
@@ -252,15 +252,15 @@ in {
       } // (let
         baseCaddyConfig = { nodes, config, ... }: {
           security.acme = {
-            defaults = (dnsConfig nodes) // {
-              group = config.services.caddy.group;
-            };
+            defaults = (dnsConfig nodes);
             # One manual wildcard cert
             certs."example.test" = {
               domain = "*.example.test";
             };
           };
 
+          users.users."${config.services.caddy.user}".extraGroups = ["acme"];
+
           services.caddy = {
             enable = true;
             virtualHosts."a.exmaple.test" = {